[PATCH] crypto: atmel-sha204a - Fix OTP address check and uninitialized data access
Lothar Rubusch
l.rubusch at gmail.com
Thu Feb 26 13:22:07 PST 2026
Hi Thorsten, thx for squashing. I hope this goes ok with the maintainers.
On Tue, Feb 24, 2026 at 11:57 PM Thorsten Blum <thorsten.blum at linux.dev> wrote:
>
> Return -EINVAL from atmel_i2c_init_read_otp_cmd() on invalid addresses
> instead of -1. Since the OTP zone is accessed in 4-byte blocks, valid
> addresses range from 0 to OTP_ZONE_SIZE / 4 - 1. Fix the bounds check
> accordingly.
>
> In atmel_sha204a_otp_read(), propagate the actual error code from
> atmel_i2c_init_read_otp_cmd() instead of -1, and return early if
> atmel_i2c_send_receive() fails to avoid checking potentially
> uninitialized data in 'cmd.data'.
>
> Also, return -EIO instead of -EINVAL when the device is not ready.
>
> Fixes: e05ce444e9e5 ("crypto: atmel-sha204a - add reading from otp zone")
> Cc: stable at vger.kernel.org
> Reviewed-by: Lothar Rubusch <l.rubusch at gmail.com>
> Signed-off-by: Thorsten Blum <thorsten.blum at linux.dev>
> ---
> Compile-tested only.
>
> This patch combines [1] and [2], as suggested by Lothar in [2].
>
> Lothar's Reviewed-by: for [1] has been preserved.
>
> In [2], Lothar questioned whether returning -EIO is appropriate; the
> exact error code can be adjusted if needed. The errno is currently not
> propagated to userspace, but [3] changes this.
>
This was just more curiosity, nothing to mention.
> [1] https://lore.kernel.org/lkml/20260215205152.518472-3-thorsten.blum@linux.dev/
> [2] https://lore.kernel.org/lkml/20260220133135.1122081-2-thorsten.blum@linux.dev/
> [3] https://lore.kernel.org/lkml/20260216074552.656814-1-thorsten.blum@linux.dev/
> ---
> drivers/crypto/atmel-i2c.c | 4 ++--
> drivers/crypto/atmel-sha204a.c | 11 ++++++++---
> 2 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/atmel-i2c.c b/drivers/crypto/atmel-i2c.c
> index da3cd986b1eb..59d11fa5caeb 100644
> --- a/drivers/crypto/atmel-i2c.c
> +++ b/drivers/crypto/atmel-i2c.c
> @@ -72,8 +72,8 @@ EXPORT_SYMBOL(atmel_i2c_init_read_config_cmd);
>
> int atmel_i2c_init_read_otp_cmd(struct atmel_i2c_cmd *cmd, u16 addr)
> {
> - if (addr < 0 || addr > OTP_ZONE_SIZE)
> - return -1;
> + if (addr >= OTP_ZONE_SIZE / 4)
> + return -EINVAL;
>
> cmd->word_addr = COMMAND;
> cmd->opcode = OPCODE_READ;
> diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c
> index 8adc7fe71c04..b0480d3bec70 100644
> --- a/drivers/crypto/atmel-sha204a.c
> +++ b/drivers/crypto/atmel-sha204a.c
> @@ -94,19 +94,24 @@ static int atmel_sha204a_rng_read(struct hwrng *rng, void *data, size_t max,
> static int atmel_sha204a_otp_read(struct i2c_client *client, u16 addr, u8 *otp)
> {
> struct atmel_i2c_cmd cmd;
> - int ret = -1;
> + int ret;
>
> - if (atmel_i2c_init_read_otp_cmd(&cmd, addr) < 0) {
> + ret = atmel_i2c_init_read_otp_cmd(&cmd, addr);
> + if (ret < 0) {
> dev_err(&client->dev, "failed, invalid otp address %04X\n",
> addr);
> return ret;
> }
>
> ret = atmel_i2c_send_receive(client, &cmd);
> + if (ret < 0) {
> + dev_err(&client->dev, "failed to read otp at %04X\n", addr);
> + return ret;
> + }
>
> if (cmd.data[0] == 0xff) {
> dev_err(&client->dev, "failed, device not ready\n");
> - return -EINVAL;
> + return -EIO;
> }
>
> memcpy(otp, cmd.data+1, 4);
> --
> Thorsten Blum <thorsten.blum at linux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
>
I compiled this patch, loaded and unloaded it, sysfs entry also still
working. LGTM.
Reviewed-by: Lothar Rubusch <l.rubusch at gmail.com>
Best,
L
More information about the linux-arm-kernel
mailing list